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(54) Data content dealing system 

(57) A system for dealing in an original data content 
and an edited data content is provided. A data content 
is handled as an object, and the data content is edited 
by editing a data content, which is an object by using an 
edit program. The edited data content is expressed by 
the original data content and the editing scenario which 
describes details of editing by the edit program. Only 
the encrypted editing scenario is dealt ia Upon receipt 
of the encrypted editing scenario, a user decrypts the 
encrypted editing scenario using a crypt key obtained 
from a key management center, and obtains the original 
data content from the database in accordance with the 
editing scenario and re-constitutes the edited data con- 
tent. In case there is the one who wishes sale of the 
editing scenario, its utilization right is sold by auction. 
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Description 

BACKGROUND OF THE INVENTION 

FIELD OF THE INVENTION 5 

The present invention relates to a system for man- 
aging copyrights in dealing in copyrighted digital data 
content, i.e., dealing in original digital data content and 
edited digital data content. io 

BACKGROUND ART 

Because analog data content is deteriorated in 
quality whenever storing, copying, editing, or transfer- is 
ring it, controlling copyrights associated with these 
operations has not been a serious problem. However, 
because digital data content is not deteriorated in qual- 
ity after repeatedly storing, copying, editing, or transfer- 
ring it, such controlling copyrights associated with these 20 
operation is a serious problem. 

Because there has been hitherto no adequate 
method for controlling a copyright for digital data con- 
tent, the copyright is handled by the copyright law or 
contracts. Even in the copyright law, compensation 25 
money for a digital-type sound-or picture-recorder is 
only systematized. 

Use of a data content includes not only referring to 
its contents but also normally effectively using by stor- 
ing, copying, or editing obtained data content by a user. 30 
Moreover, it is possible to transmit data content which is 
edited by a user to another person via on-line basis by a 
communication line or via off-line basis using a proper 
recording medium. Furthermore, it is possible to trans- 
mit the edited data content to the database to be regis- 35 
tered as new data content. In such a case, the user who 
has edited the data content may also be an information 
provider. 

Under these circumstances, how to handle a copy- 
right of data content in a database is a large problem. 40 
However, there has not been adequate copyright man- 
agement means for solving the problem so far, particu- 
larly copyright management means completed for 
secondary utilization such as copying, editing, or trans- 
ferring of the data content. 45 

The inventor of the present invention proposed a 
system for managing a copyright by obtaining a permit 
key from a key control center via a public telephone line 
in Japanese Patent Laid-Open No. 46419/1994 (GB 
2269302A) and Japanese Patent Laid-Open No. so 
141004/1994 (U.S. Patent No.5,504,933) and moreover, 
proposed an apparatus for managing the copyright in 
Japanese Patent Laid-Open No. 132916/1994 (GB 
2272822 A). 

Moreover, a copyright management method for pri- 55 
mary utilization of digital data content such as display 
(including process to sound) or storage including real- 
time transmission of the digital data content in a data- 
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base system and secondary utilization of the digital data 
content such as copying, editing, or transferring of the 
digital data content by further developing the above 
invention is proposed in Japanese Patent Laid-Open 
No. 271865/1995, EP 677949A2 (U.S. patent applica- 
tion serial No. 08/41 6,037). 

The database copyrights management system of 
the above application in order to manage the copyright, 
either one or more of a program for managing the copy- 
right copyright information, and a copyright control 
message are used in addition to a use permit key corre- 
sponding to a requested use, and data content which 
has been transferred with encrypted is decrypted to be 
used for viewing and editing, and the data content is 
encrypted again when used for storing, copying and 
transferring. 

The copyright control message is displayed when 
utilization beyond the range of the user's request or 
authorized operation is found to give caution or warning 
to a user and the copyright management program per- 
forms decryption/encryption of the data content, and 
also watching and managing so that utilization beyond 
the range of the user's request or authorized operation 
is not performed. 

The inventor also proposed in Japanese Patent 
Patent Laid-open No. 185448/1996, EP publication No. 
EP 7047S5A2 (U.S. patent application serial No. 
08/536,747) a system for specifically implementing a 
database copyright management system. 

The above-mentioned system comprises a key 
management center that manages a crypt key and a 
copyright management center that manages the data- 
base copyright. According to this system, all of the data 
contents delivered from a database is encrypted by a 
first crypt key. and a first user who wishes to use data 
content directly from the database requests the key 
management center the key corresponding to the spe- 
cific usage by presenting information on the first user to 
the center. In response to the primary usage request 
from the first user, the key management center transfers 
the information on the first user to the copyright man- 
agement center. On receiving the information, the copy- 
right management center transfers this information 
together with a copyright management program to the 
key management center. On receiving the copyright 
management program, the key management center 
transfers the first crypt key corresponding to the specific 
usage and a second crypt key K2 together with the cop- 
yright management program to the first user via a com- 
munication network. On receiving the first crypt key, the 
first user uses this key to decrypt the data content for 
usage. The user uses the second crypt key to encrypt 
and decrypt data content when subsequently storing, 
copying or transmitting the data content. 

If data content is copied to an external record 
medium or transmitted without being stored, the first 
and second crypt keys are abandoned. If the first user 
wishes to use the data content again, the first and sec- 
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ond crypt keys are re-delivered to the user from the cop- performing re-encryption is described in U.S. Patent No. 

yright management center. The re-deiivery of the 5,479,514. 

second crypt key indicates a confirmation that the data When encrypting, management of a crypt key 

content has been copied or transferred to a second including transfer and receipt of the crypt key becomes 

user, and this is recorded in the copyright management s an important issue. Generation of keys by IC card is dis- 

center. closed in U.S. Patent No. 5,577,121, and encryp- 

In requesting secondary usage to the copyright tion/decryption by IC card is disclosed in U.S. Patent 

management center, the second user presents the Nos. 5,347,581 and 5,504,817. 

information on the first user and information on the orig- Also, electronic watermark technique is described 

inal copyright to the copyright management center. The io in EP 649074. 

copyright management center transmits to the second With recent development of computer network sys- 
user a permit key corresponding to the specific usage, tern, individual computers, used on stand-alone basis in 
together with a second crypt key (viewing permit key), a the past, are connected together through the network 
third crypt key (a permit key corresponding to the spe* system, and database system to commonly share the 
crfic usage), and the copyright management program is data is now propagated. Further, distributed object sys- 
which have been encrypted. tern has been proposed, in which application program 
On the other hand, it is widely practiced to establish or basic software called operating system as well as 
LAN (Local Area Network) by connecting computers data is also commonly shared through the network, 
with each other in offices, organizations, companies, In the distributed object system, both data content 
etc. Also, a plurality of networks are connected with so and software are supplied by a server as an object, 
each other, and Internet is now organized in global which comprises program and data, 
scale, by which a plurality of networks are utilized as if In the distributed object system, there are two sys- 
they are a single network. terns, i.e. a system called object container, in which 
In LAN used in an organization such as a firm, operating system, application program and data content 
secret information is often stored, which must not be ss are provided by a server and data content processing 
disclosed to outsiders. and data content storage are performed by a user termi- 
For this reason, it is necessary to arrange the nal unit, which is an ordinary computer, and a system 
secret information in such manner that only a specific called server object, in which operating system, applica- 
group of users can gain access and use such informa- tion program and data content are provided by a server, 
tion, and such access is generally placed under control 30 and data content processing is performed by a user ter- 
to prevent leakage of secret information to outsiders. minal unit called network computer, while data content 
There are roughly two methods to control the storage is carried out by the server. A system is further 
access: a method to control access with access permis- developed, in which data content processing is also per- 
sion, and a method to do it by encryption. formed by the server, and the user terminal unit is pro- 
The method of access control by access permis- 3$ vided only with input/output function, and the whole 
sion is described in U.S. Patent Nos. 5,173,939, system functions as a single computer. 
5,220,604, 5,224,163, 5.315,6j57, 5.414,772 and Further, there is a method of so-called object ori- 
5,438,508, in EP 506435, and in JP Laid-Open ented programming performing various processings by 
1 69540/1 987. using -object** integrated with data content and program 
The access control method based on encryption is *o handling data content, instead of general form file con- 
disclosed in U.S. Patent Nos. 4.736,422. 5,224,163. sisting of data header and data body. 
5,400,403, 5,457,746, and 5,584,023, in EP 438154 In object, a storing portion called as "slot" in an 
and EP 506435. and in JP Laid-Open 145923/1993. envelope called as "instance" accomodates data called 
The access control method based on encryption and as "instance variable". The slot is surrounded by one or 
digital signature is described in U.S. Patent Nos. as more of procedures called as "method" for referring, 
4,919.545 and 5.465.299. processing, binding and so on, and the instance varia- 
Intranet is now being propagated, in which a plural- ble can be referred to or operated only via "method", 
ity of LANs are connected with each other via Internet This function is called as "encapsulation". Instruction 
and these LANs are utilized as if they are a single LAN. from outside for make the "method" refer to or operate 
In the intranet, information exchange is performed via so the instance variable is called as "message". 
Internet, which basically provides no guarantee for pre- This means, in another view, the instance variable 
vention of privacy, and information is encrypted to pre- which is impossible to be referred to or operated without 
vent the privacy when secret information is exchanged. through "method" is protected by the "method". Then, 
The prevention of information privacy during trans- this can be used for encrypting the "method" and allow- 
mission by means of encryption is disclosed in U.S. Pat- 55 ing the instance variable to be referred to or operated 
ent Nos. 5,504,818 and 5,515,441, and the use of a only by "message" which can decrypt the encrypted 
plurality of crypt keys is described in U.S. Patent Nos. "method". 

5,504,81 6, 5,353,351 , 5,475,757, and 5,381 ,480. Also, In this case also, similarly to the case of data having 
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genera! file form, since if entire "method" is encrypted, it 
is impossible to utilize "object", a part of the "method" is 
not encrypted. 

Another form of the network system called "license 
network" as rental network system, is considered. In s 
this system, an enterprise providing network base such 
as communication lines also provides the systems other 
than communication lines such as fee charging system, 
security system, copyright management system, certifi- 
cation system, etc. And a service enterprise utilizes w 
these services and carries out network business as if it 
is his own system. 

Then, basic encryption-related technique used in 
the present invention will be described below. 

15 

-Crypt key- 
Secret- key system is also called "common key sys- 
tem" because the same key is used for encryption and 
decryption, and because it is necessary to keep the key 20 
in secret, it is also called "secret-key system". Typical 
examples of encryption algorithm using secret-key are: 
DES (Data Encryption Standard} system of National 
Bureau of Standards. FEAL (Fast Encryption Algorithm) 
system of NTT, and MISTY system of Mitsubishi Electric 25 
Corp. In the embodiments described below, the secret- 
key is referred as "Ks*\ 

In contrast, the public-key system is a cryptosystem 
using a puBlic-key being made public and a priVate-key, 
which is maintained in secret to those other than the 30 
owner of the key. One key is used for encryption and the 
other key is used for decryption. Typical example is RSA 
public-key system. In this specification, the public-key is 
referred as "Kb", and the private-key is referred as "Kv". 

Here, the operation to encrypt data content, a plain 35 
text material M to a cryptogram Cmks using a secret- 
key Ks is expressed as: 

Cmks = E (M, Ks). 
The operation to decrypt the cryptogram Cmks to the 
plain text data content M using a crypt key Ks is 40 
expressed as: 

M - D (Cmks, Ks). 
Also, the operation to encrypt the plain text data content 
M to a cryptogram Cmkb using a public-key Kb is 
expressed as: 45 

Cmkb = E (M, Kb). 
The operation to decrypt the cryptogram Cmkb to the 
plain text data content M using the private-key Kv is 
expressed as: 

M - D (Cmkv, Kv). 50 
The operation to encrypt the plain text data content M to 
a cryptogram Cmkv using a private-key Kv is expressed 
as: 

Cmkv = E (M, Kv), 
and the operation to decrypt the cryptogram Ckv to the 55 
plain text data content M using the public-key Kb is 
expressed as: 

M = D (Cmkb, Kb). 



The encryption technique is the means to exclude 
illegitimate use of data content, but perfect operation is 
not guaranteed. Thus, the possibility of illegitimate use 
of data content cannot be completely excluded. 

On the other hand, electronic watermark technique 
cannot exclude the possibility of illegitimate use, but if 
illegitimate use is detected, it is possible to check the 
illegitimate use by verifying the content of electronic 
watermark, and there are a number of methods in this 
technique. These methods are described in Nikkei Elec- 
tronics. No.683, 2-24-1997, pp.99-124, "'Digital water- 
mark* to help stop to use illegal proprietary digital works 
in the multimedia age". Also, description is given on this 
technique by Walter Bender et al., "Introducing data- 
hiding technology to support digital watermark for pro- 
tecting copyrights' 1 , IBM System Journal, vol. 35, Nos. 3 
& 4, International Business Machines Corporation. 

SUMMARY OF THE INVENTION 

In the present application, it is proposed to provide 
a system for dealing in an original data content and an 
edited data content. 

In the present application, a data content is handled 
as an object, and the data content, functioning as an 
object, is edited in accordance with an edit program. 
Therefore, the edited data content can be expressed by 
the original data content and an editing scenario, which 
describes the edit detail based on the edit program. As 
the original data content to be utilized, there are, in addi- 
tion to the one stored in the database, those prepared 
originally by the data editor. The data content prepared 
by the data editor can also be handled in the same man- 
ner as the other data by storing it in the database. In this 
case, only the encrypted editing scenario is dealt in, and 
when the user obtains the encrypted editing scenario, 
the user decrypts the encrypted editing scenario by 
using a crypt key obtained from a key management 
center, and obtains the original data content from the 
database in accordance with the editing scenario and 
re-constitutes the edited data content. 

In case there is the one who wishes sale of the edit- 
ing scenario, its utilization right is sold by auction. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 is a block diagram of an embodiment of a 
data management system. 

Figure 2 illustrates an example of producing new 
data content using a plurality of data contents as 
objects. 

Figure 3 is a block diagram of another embodiment 
of a data management system. 

Figure 4 is an outlined block diagram of an embod- 
iment of a data content dealing system. 

Figure 5 is an outlined block diagram of another 
embodiment of a data content dealing system. 

Figure 6 is an outlined block diagram of yet another 
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embodiment of a data content dealing system. data content {A1 + B1 + C1 + + A2 + B2 + C2 + 

Figure 7 is an outlined block diagram of a system + A3 + B3 + C3 + } is obtained by dividing the origi- 

deaiing in en editing scenario. nal data content A, B, C. ...... into orig.nal data content 

elements A1. A2. A3 B1. B2, B3 and C1. C2, 

DETAILED DESCRIPTION OF THE PREFERRED 5 C3 combining them, and changing their arrange- 

EMBODIMENTS ments; and a case in which edited data content {A1 + 
B1 + C1 + X1 + + A2 + B2 + C2 + X2 + + A3 + 

Preferred embodiments are described as below B3 + C3 + X3 + } is obtained by dividing the original 

referring to the accompanied drawings. data content A, B, C . into . rtglna! data content ele- 

The edit processing of data content is performed by io ments A1, A2, A3 B1, B2, B3, ....... and C1, C2, 

editing the original copyrighted data using an edit tool, C3 combining with the elements of user data con- 

which is an application program. The edited data con- tent X1. X2, X3 and chang.ng the.r arrangements. 

tent obtained by editing can be expressed by the utilized Also in these cases, combination of a plurality of 

original data content, the information of the used edit original data contents, combination of a plurality of orig- 

tool and the editing process data. Specifically, in case is tnal data contents with user data content, division of a 

the edit tool is available, it is possible to reproduce the plurality of original data contents and change of the 

edited data content by obtaining the original copyrighted arrangements, and combination of divided plurality of 

data and the editing process data. original data contents with the user data content arise 

Description on editing digital data at first will be respectively a secondary copyright, which is necessary 

given. 20 to be protected. Also, the original copyright of the user, 

Because digital data content is edited by using an of course, exists in the data content X1, X2, X3 

edit program (edit tool) and thereby altering original added by the user, 
data content edited data content can be reproduced as 

the original data content, edit tool and editing process [Embodiment 1] 

data content (editing scenario) are specified. In other ss 

words, unless the original data content, edit tool and the The description of Embodiement 1 will be given 

editing scenario are specified, it is impossible to repro- below referring to the drawing. 

duce the edited data content. Figure 1 shows a schematic view of a data copy- 
To produce new data content from single original rights management system in which a user edits one 
data content, there are a case in which edited data con- 30 original copyrighted data and transfers it to a next user, 
tent {A'J is obtained by altering original data content A; In the embodiment, reference numerals 1, 2. and 3 
a case in which edited data content {A + X} is obtained represent databases that store text data or binary, 
by adding data content X to the original data content A audio, and/or picture data constituting computer graph- 
by a user; a case in which edited data content {A"} is ics screens or programs, which is not encrypted; 9 is a 
obtained by dividing the original data content A into 35 communication line such as a public telephone line pro- 
original data content elements A1, A2, A3 and vided by a communication company or a CATV line pro- 
changing the arrangement of the elements to such as vided by a cable television enterprise; 10 is a recording 
A3, A2 and A1 ; and a case in which edited data content medium such as a flexible disk; 4 is a first user terminal; 

{Al + X1 + A2 + X2 + A3 + X3 } is obtained by divid- 5 is a second user terminal; 6 is a third user terminal; 

ing the original data content A into original data content 40 and 7 is an n-th user terminal. Reference numeral 8 rep- 
elements A1 , A2. A3 also dividing the data content resents a copyright management center for managing 

X of the user into X1. X2, X3 and arranging these the data copyright. 

elements. The databases 1, 2, and 3, copyright management 

In these cases, alteration of original data content, center 8. first user terminal 4, second user terminal 5, 

change of original data content arrangement, combina- 45 third user terminal 6, and n-th user terminal 7 are con- 

tion of the original data content with user data content nected to the communication line 9. In Figure 1. 

and division of the original data content and combina- encrypted data content is transmitted via the path 

tion of it with the user data content use respectively a shown by a broken line, requests are transmitted from 

secondary copyright, which is necessary to be pro- user terminal 4, 5, 6, or 7 to database 1 , 2, or 3 and cop- 

tected. The original copyright of the user, of course, so yright management center 8 via the path shown by a 

exists in the data content X added by the user. solid line. The permit key, copyright management pro- 

To produce new data content by combining a plural- gram, and crypt key corresponding to a specific usage 

ity of original data contents, there are, for example, a are transmitted from database 1. 2, or 3 and copyright 

case in which edited data content {A + B + C } is management center 8 to user terminal 4, 5. 6. or 7 via 

obtained by simply combining original data contents A, ss the path shown by an one-dot chain line. 

B, C ; a case in which edited data content such as The Embodiment 1 employs a first public-key Kb1 , 

{A + X} is obtained by adding data content X to the orig- a first private-key Kv1 corresponding to the first pubiic- 

inal data content A, B, C ; a case in which edited key Kbl, a second public-key Kb2 t and a second pn- 
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vate-key Kv2 corresponding to the second public-key 
Kb2 that are prepared by a first user, and a first secret- 
key Ks1 and a second secret-key Ks2 prepared by the 
database. The database uses the first secret-key Ks1 to 
encrypt data content M: 5 

Cmksl = E(M. Ks1) 
and further encrypts the first secret-key Ks1 by the first 
public-key Kb1 : 

Ckslkbl = E (Ks1, Kbl) 
and the second secret-key Ks2 by the second public- 10 
key Kb2: 

Cks2kb2 = E (Ks2, Kb2). 
The database then transmits these encrypted data con- 
tent Cmksl and the first and the second secret- keys 
Cks1 kb1 and Ck2kb2 to the first user. is 

The first user decrypts the encrypted first secret- 
key Ckslkbl using the first private-key Kv1: 

Ks1 =D(Kv1 f Ckslkbl), 
and decrypts the encrypted data content Cmksl by the 
decrypted first secret-key Ksl : 20 

M=D(Ks1, Cmksl) 
and uses it The user decrypts encrypted second 
secret-key Cks2kb2 by the second private-key Kv2: 

Ks2 = D (Kv2, Cks2kb2). 
which is subsequently used as a key for encrypt- 25 
ing/decrypting when storing, copying, or transmitting 
data content. 

if the first user copies data content obtained and 
then supplies H to second user, the data content does 
not involve the copyright of the first user because no 30 
modifications have been made to the data content. If, 
however, first user produces new data content based on 
the data content obtained or using a means for combin- 
ing the original data content with other data content, the 
new data content involves a secondary copyright for first 35 
user, and the first user has the original copyright for this 
secondary work. 

Similarly, if second user produces further new data 
content based on the data content obtained from the 
first user or combining with other data content, the new 40 
data content involves a secondary copyright for the sec- 
ond user, and the second user has the original copyright 
of this secondary work. 

Databases 1, 2 t and 3 store text data content or 
binary, digital audio, or digital picture data content con- 45 
stituting computer graphics screens or programs. This 
data content is encrypted when read out and supplied to 
the user terminal 4 via communication line 9 during a 
data content read operation in response to a request 
from the first user terminal 4. so 

The method of managing copyrights of data 
obtained from a database is described in Japanese Pat- 
ent Application 1994-237673 (JP Laid Open 1996- 
185448. U.S. Patent Application Serial No. 08/536,747, 
EP 704785A2). 55 

As shown in Figure 2, first user extracts parts M4, 
MS and M6 constituting data content from a plurality of 
data contents Ml, M2 and M3 obtained from one or 
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more databases, and produces new data content M7 
using these parts M4, M5 and M6. 

First user supplies new data content M7 to second 
user. New data content M7 involves a secondary 
coyright associated with the editing of original data con- 
tents M1 , M2 and M3 as well as the original copyright for 
original data contents M1, M2 and M3, which are mate- 
rial of parts M4, M5 and M6 to be produced new data 
content M7. 

The original data contents Ml, M2 and M3 are 
encrypted using each of the second secret-keys Ks21, 
Ks22, Ks23 supplied with each of data contents M1 , M2 
and M3 when used for operations other than display; 
i.e., store, edit, copy or transmit: 

Cm1ks21 =E(M1, Ks21) 

Cm2ks22 = E (M2, Ks22) 

Cm3ks23 = E (M3, Ks23). 
The data content parts M4, M5 and M6, of original data 
contents are also encrypted using each of the second 
secret- keys Ks21, Ks22, Ks23 supplied with each of the 
original data contents when used for operations other 
than display: 

Cm4ks21 =E(M4, Ks21) 

Cm5ks22 = E (M5 ( Ks22) 

Cm6ks23 = E (M6 ( Ks23). 
First user who has edited the data content performs 
a digital signature for edit program Pe using first private- 
key Kv1: 

Spe = D(Pe. Kv1) 
and supplies encrypted original data content parts 
Cm4ks21, Cm5ks22 and Cm6ks23 to second user 
together with the edit program Pe with the digital signa- 
ture, via communication line 9 or by stored into the 
recording medium 10. 

Upon receipt of the encrypted original data content 
parts Cm4ks21, Cm5ks22 and Cm6ks23, and the edit 
program Pe, second user requests second secret-keys 
Ks21, Ks22, Ks23 for decryption of the encrypted origi- 
nal data content parts Cm4ks21 f Cm5ks22 and 
Cm6ks23 by presenting the edit program Pe with the 
digital signature, to the copyright management center 8. 

Data copyright management center 8 identifies first 
user from the presented digital signature Spe in the edit 
program, using the first public-key Kb1 : 

Pe = E (Spe, Kb1), 
and determines if first user is a valid user to use the 
original data content to which the second secret-keys 
Ks21, Ks22, Ks23 correspond. If the first user is the 
valid user, the center transmits the second secret-keys 
Ks21, Ks22, Ks23 to second user. Otherwise, it does 
not transmit the second secret- keys Ks21 f Ks22, Ks23 
to the second user. 

The digital signature Spe presented to the copyright 
management center is registered in the center as a valid 
procedure for authorizing the first user being a second- 
ary copyright owner. 

While the above data content editing of original 
data content can be performed by using an edit program 
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corresponding to the original data content, by handling 
the original data content as object- oriented software, rt 
is possible to facilitate further editing of data content 
and manage more preferably copyrights of data content. 

Moreover, by adopting agent-oriented software, a s 
user can synthesize data content with little labor. 

The agentoriented software, unlike the conven- 
tional one, is a program having autonomy, flexibility and 
cooperativeness, which is able to meet a user's request 
with its characteristics of autonomy, flexibility and coop- io 
erativeness in accordance with only a general instruc- 
tion of the user without specifically giving every 
operation instruction to the software. 

By incorporating the agent program into a basic 
system of a data copyright management system so that is 
the database utilization of a user is monitored, and it is 
arranged that information including data utilization con- 
dition and charging is collected at the database or the 
copyright management center, using metering function 
placed in a user terminal, and thus, it is possible to know 20 
the database utilization condition of the user at the data- 
base side or the copyright management center side and 
achieve more accurate copyright management. The 
agent program and rts data are also necessary to be 
protected in copyrights, and therefore, are encrypted 2s 
like original data content 

The copyrighted data can be handled in the compu- 
ter programming or processing as "object" integrated of 
program and data content. 

30 

[Embodiment 2] 

Embodiment 2 is described referring to Figure 3. 
This embodiment uses first secret-key Ks1, second 
secret-key Ks2, third secret-key Ks3, plaintext original 35 
copyright label LcO and plaintext copyright management 
program Pc. 

The data copyright management system shown in 
Figure 3 comprises database 1 1 . key control center 12, 
users 13, 13. 13 ... and a communication line 14 that 40 
connects these entities. Database 11 receives data 
content from information providers (IP) 15. 15, 15.... 
However, in some cases, data content is supplied 
directly to users 13 from information providers 16, 16, 
16 ... via communication line 14 without database 11 <s 
intervening. 

The data content used in the invention is the object 
comprising combined program and data content. Data 
content is supplied from information providers 15, 15, 
15 ... to database 1 1 and to first users 13. However, in so 
some cases, data content is supplied from information 
providers 16, 16, 16 ... via communication line 14 or via 
information record medium 17 such as CD-ROM or the 
like directly to first users 13 without database 11 inter- 
vening. 55 

The solid line, broken line and one-dot chain line in 
this Figure 3 show the path for data content and 
requests for crypt keys, path of encrypted data content 
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and path of crypt keys, respectively. 

First users 13 are not merely users but can be infor- 
mation providers 15 or 1 6 that provide new data content 
(secondary copyrighted data) by combining or revising 
a plurality of obtained original data contents. 

In the data copyrights management system, the 
original data content provided by each of information 
providers 15 and 16 has been encrypted to protect the 
copyright. Therefore, the encrypted original data con- 
tent obtained by first user 13 needs to be decrypted in 
using. All of the crypt keys for the decryption are depos- 
ited in the key control center 12 to be controlled by the 
center. 

Each information provider 15 or 16 can adopt freely 
any cryptosystem. However, the cryptosystem 
described later and used after secondary utilization of 
data content is limited to one adopted by the key control 
center 12. 

In this system, plaintext original data content MO is 
encrypted by first secret-key Ks1 : 

Cm0ks1 = E(M0. Ks1), 
and is provided to the first user 1 3 from information pro- 
vider 15 via database 1 1 and communication line 14, or 
from information provider 16 via communication line 14, 
or via information recording medium 17 such as CD- 
ROM, together with original copyright label LcO. 

Plaintext original copyright label LcO is attached to 
encrypted original data content CmOksl provided for 
the first user 13, and is used for obtaining primary use 
permit keys, etc. Namely, encrypted original data con- 
tent CmOksl includes plaintext original copyright label 
LcO and encrypted original data content CmOksl . The 
name of application programs in use. outlined explana- 
tion, fees and charging method are entered into plain- 
text original copyright label LcO in addition to general 
information including the name of original creator, title 
name and creation date of the original data content. The 
number of a crypt key is also entered if necessary. Dig- 
ital signature by original creator added to plaintext orig- 
inal copyright label LcO can prevent false copyright 
claiming. 

The first user 13 who requires use of encrypted 
original data content CmOksl makes a request to key 
control center 12 via communication line 14 for distribut- 
ing a primary use permit key Ks1 by presenting original 
copyright label LcO. 

Key control center 12 that has identified the secret- 
key as first secret-key Ks1 to be distributed, by pre- 
sented original copyright label LcO, distributes this first 
seckret-key Ks1 to the first user 13 via communication 
line 14. Upon receip of distributed first secret-key Ksl, 
the device of the first user 13 is turned to the copyright 
management mode, and the first user 13 can use the 
original data content. 

On the other hand, key control center 12 charges a 
fee as well as grasps the use condition of original data 
content and of the database used by the first user 13. 

The first user 13 decrypts encrypted original data 
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content CmOksl using first secret-key Ks1 : 

MO = D (CmOksl, Ks1). 
and uses it. 

When decrypted original data content MO is stored 
in the first user 13 device, it is encrypted again by first s 
secret-key Ks1 

CmOksl = E (MO, Ks1) 
and re-encrypted original data content CmOksl is 
stored. 

For repeated use of re-encrypted original data con- 10 
tent CmOksl, repeated decryption and encryption are 
carried out using first secret-key Ksl . 

The first user 13 who requires to edit original data 
content MO makes a request to key control center 12 for 
distributing second secret-key Ks2 via communication is 
line 14. 

Upon receipt of the request for distributing second 
sercret-key Ks2, key control center 12 distributes sec- 
ond secret-key K62 to the first user 13 via communica- 
tion line 14. The first user 13 receives second secret- 20 
key Ks2, edits original data content MO and obtains half- 
way edited data content M0\ 

When halfway edited data content MO* is stored in 
the user 13 device, it is encrypted by second secret-key 
Ks2: 25 
Cm0 , ks2 = E (M0\ Ks2). 

When the edit is finally completed, the first user 13 
prepares third secret-key Ks3 in order to execute the 
secondary copyright with reference to the data content 
editing of final edited data content M1, and registers 30 
third secret-key Ks3 into key control center 12. The key 
control center 12 also may prepare third secret-key Ks3 
and distribute it in response to a request from the first 
user 13. 

When the first user 13 copies edited data content 35 
Ml into external recording medium 18 or transfers it via 
communication line 14, it is encrypted by third secret- 
key Ks3: 

Cm1ks3 r=E(Ks3.M1), 
and is provided to a second user 19. *° 

The second user 19 who desires to use provided 
encrypted edited data content Cm1ks3 requests key 
control center 1 2 for distributing third secret-key Ks3 via 
communication line 14. Upon receipt of the request for 
distributing third secret-key Ks3 from the second user 45 
19, key control center 12 distributes third secret-key Ks3 
to the second user 19 via communication line 14. 

The second user 19 who has received third secret- 
key Ks3. decrypts encrypted edited data content 
Cm1ks3 using third secret-key Ks3: so 

M1 = D(Ks3. Cm1ks3) 
and uses it. 

When using encrypted data content Cm1ks3 again, 
decryption and encryption are carried out using third 
secret-key Ks3. 55 
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[Embodiment 3] 

Embodiment 3 in which a user edits one original 
copyrighted data content and transfers it to a next user, 
is described as below referring to Figure 4. This embod- 
iment uses "user label", "copyright label" and "edit label" 
in order to protect the data content copyright and exe- 
cute the copyright Information of the label owner is 
described in the user label; information relating original 
copyrighted data content is described in the copyright 
label; and information of original data content and of the 
edit tool and editing process data (editing scenario) are 
described in the edit label, which may be described edit 
tool (edit program) instead of edit tool information. 

The user label is generated by the data manage- 
ment center according to the information of the user 
when the user joins the system. The copyright label is 
generated by the data management center when the 
creator of the data content presents the details to the 
data management center. The edit label is generated by 
the data management center, when the user who has 
edited the data content presents the user label and the 
editing scenario to the data management center. These 
are transferred to each label owner and are stored at the 
data management center. 

(1) The original creator (data content owner) A 
presents the original copyright label LcO and 
requests the data management center to distribute 
original secret-key KsO. The original creator may 
transfer or deposit the original data content to an 
information provider or to database so that the infor- 
mation provider or the database can play a role of 
the original creator. 

It is also possible that the original creator A 
stores the original secret-key KsO and encrypts the 
original data content MO without depending on the 
data management center, while the original secret- 
key KsO must be stored at the data management 
center for the user (data content user) to use the 
original data content MO. 

(2) When requested to distribute the original secret- 
key KsO, the data management center encrypts the 
original secret-key KsO corresponded to the original 
copyright label LcO using public-key KbO of the orig- 
inal creator A: 

CksOkbO = E (KsO. KbO) 
and sends the encrypted original secret-key 
CksOkbO together with the original copyright label 
LcO to the original creator A. 

In this case, the data management center per- 
forms one-way hash to the original copyright label 
LcO using algorithm such as MD 5, for example, to 
16-byte data amount, prepares an original copy- 
right label fingerprint FO, and sends it to the original 
creator A. This electronic fingerprint is prepared on 
each of the original data content and edited data 
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content each time the data content is edited and 
edited data content is obtained, and is translerred, 
together with the data content 

(3) When the encrypted original secret-key s 
CksOkbO is distributed, the original creator A 
decrypts the encrypted original secret-key CksOkbO 
using private-key KvO of the original creator A: 

KsO = D (CksOkbO, KvO), 
encrypts the original data content MO using the 10 
decrypted original secret-key KsO: 

CmOksO = E (MO, KsO) 
and transfers the encrypted original data content 
CmOksO. the original copyright label LcO and the 
original copyright label fingerprint FO to the first 75 
user U1. 

(4) When the encrypted original data content 
CmOksO, the original copyright label LcO and the 
original copyright label fingerprint FO are trans- 20 
ferred, the first user U1 presents the original copy- 
right label LcO. the original copyright label 
fingerprint FO and first user label Lu1 and requests 
the data management center to distribute the origi- 
nal secret-key KsO. 25 

(5) When requested to distribute the original secret- 
key ksO, the data management center confirms 
validity of the presented original copyright label LcO 
using the original copyright label fingerprint FO and so 
registers the first user label Lu1. At the same time, 

the original secret-key KsO corresponding to the 
original copyright label LcO is encrypted using pub- 
lic-key Kbl of the first user U1 : 

CksOkbl - E (KsO, Kb1) 33 
and the encrypted original secret-key CksOkbl is 
distributed to the first user U1 . 

(6) When the encrypted original secret-key 
CksOkbl is distributed, the first user U1 decrypts 40 
the encrypted original secret-key CksOkbl using 
private-key Kv1 of the first user U1 : 

KsO = D (CksOkbl, Kv1), 
decrypts the encrypted original data content 
CmOksO using the decrypted original secret-key 45 
KsO: 

MO a D (CmOksO, KsO), 
and edits the decrypted original data content MO 
using the edit tool and obtains edited data content 

Me1. 50 

The edited data content Mel thus obtained 
contains copyright of the first user, who edited the 
data content, and also copyright of the original cre- 
ator who prepared the original data content 

The copyright of the original creator relating to ss 
the original data content MO can be protected by 
the registered original copyright label LcO which 
has been registered, original copyright label finger- 



print FO and the original secret-key KsO corre- 
sponded to the original copyright label LcO and also 
by the first user label Lu1 and first secret-key Ks1 
corresponded to the first user label Lut. However, 
because no key for encrypting the edited data con- 
tent Me1 is available, the secondary copyright of 
the first user relating to the edited data content Me1 
is not yet protected. 

(7) To protect the secondary copyright of the first 
user relating to the edited data content Me1 . label 
of the first user, who is the creator of the edited data 
content, and its electronic fingerprint are used in 
the this embodiment. 

As already described, the edited data content 
can be expressed by data content of the utilized 
original data content, information of the used edit 
tool and the editing scenario (editing process data). 
Accordingly, these informations and editing sce- 
nario are entered in the first user label, i.e. the first 
edit label Le1. 

Further, to protect secondary copyright in sub- 
sequent distribution process, the user U1 presents 
the first edit label Le1 to the data management 
center so that the secondary copyright of the user 
U1 is registered. 

(8) When the first edit label Le1 is presented, the 
data management center confirms validity of the 
presented original copyright label LcO in the first 
edit label by using the original copyright label fin- 
gerprint FO and registers the first edit label Let. At 
the same time, the electronic fingerprint Fe1 of the 
first edit label Lei is prepared, and first edit secret- 
key Kse1 corresponded to the first edit label Le1 is 
encrypted by public-key Kb1 of the first user U1 at 
the data management center: 

Ckseikbl * E (Ksel, Kb1), 
and the encrypted first edit secret-key Ckseikbl is 
distributed to the first user U1 together with the 
electronic fingerprint Fe1 of the first edit label Let. 

(9) When the encrypted first edit secret-key 
Ckseikbl and the electronic fingerprint Fe1 of the 
first edit label Lei are distributed, the first user U1 
decrypts the encrypted first edit secret-key 
Cksel kb1 using private-key Kvl of the first user U1 : 

Kse1 = D (Ckseikbl, Kv1), 
encrypts the first edited data content Mel using the 
decrypted first edit secret-key Kse1 : 

Cmelksel = E (Mel, Ksel) 
and transfers the encrypted first edited data content 
Cmelksel to the second user U2 together with the 
first edit label Le1. and the electronic fingerprint 
Fe1 of the first edit label Lei . 

Then, the same operation is repeated. 

Each user may put digital signature, which one-way 
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hash value of the user's label is encrypted using user's 
private-key, on the user's label to be presented to the 
data management center. Then, the data management 
center decrypts the encrypted one-way hash value 
using the user's public-key, calculates the one-way hash 
value of the label and compares the two one-way hash 
values in order to verify validity of each user's label. 

In this embodiment, only the first edit label Le1 and 
the electronic fingerprint Fe1 of the first edit label Le1 
are transferred together with the encrypted first edited 
data content Cme1kse1 when edited data content 
transfer, while it is possible to arrange in such manner 
that the other labels and electronic fingerprints can be 
simultaneously transferred. 

In the editing by utilizing a plurality of data contents 
as shown in Figure 2, operation is complicated because 
there are a large numbers of data contents and it can be 
carried out as in the editing process using a single data 
content. Description is not given here to avoid lengthy 
explanation. 

In the systems described above, the data content is 
encrypted using the secret-key, and the secret-key for 
its decryption and secret-key for re-encryption used for 
storing, copying and transfer are distributed by the data 
management center based on the user label presented 
by the user. 

[Embodiment 4] 

In case of distributed object system represented by 
license network system, the use of network computer to 
perform only input/output of data content and data con- 
tent processing and not provided with data content stor- 
age unit is attempted instead of conventional type 
computer, which possesses data content storage unit of 
large capacity. 

Further, the use of a network computer similar to a 
terminal unit of large size computer, having only 
input/output function of data content and not provided 
with data content processing unit is also considered. 

This network computer does not have data content 
storage unit and cannot store or copy the data content. 

Next, description will be given on an embodiment, 
which can also be applied to a network computer not 
provided with data content storage unit and used in the 
distributed object system. It is needless to say that this 
embodiment is also applicable to an ordinary computer 
provided with data content storage unit. 

To protect data content copyright, H is necessary to 
use some sort of encryption technique to restrict unau- 
thorized utilization of the data content. 

In the Embodiment 3 described above, to protect 
copyright in a system for an ordinary computer having 
data storage unit encrypted data content and labels not 
encrypted as clues to utilize the data content are used. 

In contrast, in a system for a network computer, 
which has only the function of the above-mentioned ter- 
minal unit, the data content is not stored, copied or 



transferred, and there is no need to encrypt the data 
content. 

As already explained, the editing of data content is 
performed by modifying the original data content using 

5 the edit tool, and edited data content thus obtained can 
be expressed by the utilized original data content, infor- 
mation of the used edit tool and the editing scenario. 

In a case that edited data content is produced by 
utilizing the data content in the database existing on the 

w distributed object system, the edited data content can 
be also reproduced by specifying the utilized database, 
the used original data content, information of the used 
edit tool and the editing scenario. The same applies to 
the case where a plurality of data contents obtained 

is from a single database or a plurality of databases are 
utilized. 

Description will be given now on Embodiment 4 
referring to Figure 5. In this embodiment, the original 
copyright owner and the information provider holding 
20 the data content are discriminated from the user who 
does not hold data content, and are arranged on the 
network side with the data management center and the 
like. 

In the system of this embodiment, public-key and 
25 private-key are used. If original data content is trans- 
ferred to a user, the original data content is encrypted by 
using a secret-key or a public-key of transferred destina- 
tion for the purpose of security. 

The first user U1 searches the data content and col- 
30 lects necessary data content utilizing the network, 
broadcasting or recording medium. The collected data 
content is simply stored temporarily on memory of the 
user U1 . Even when data content storage unit such as a 
hard disk drive is included in the device of the user U1, 
35 the data content is not stored in the data content stor- 
age unit. 

In order that the data content is not stored, when 
there is an attempt to store it, inhibition of storage of the 
data content is performed by destroying the data con- 
40 tent on memory, changing data header on memory, tun- 
ing the data content to one-way hash value, changing 
file name to non-storable file name, etc. 

While it is possible to inhibit the storage by data 
content storage inhibition program, which is incorpo- 
45 rated in the program of the data content having object 
structure, higher reliability is accomplished if the stor- 
age inhibition is performed by an operating system 
(OS), which is related to the entire system or to the 
user's device. 

so Description will be given on a case where a plurality 
of data contents are utilized in this embodiment. 

(1)(2)The first user U1 presents first user label Lul 
to the data management center, collects the origi- 

55 na! data content MOi (i = 1, 2, 3 ) from 

data content library of the information provider IP in 
the system and obtains an edit tool Pe. In this case, 
the original data content MOi and the edit tool Pe 
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are encrypted using public-key Kbi of the first user 
U1: 

CmOikbl = E (MOi, Kbi) 

Cpekbl = E (Pe, Kb1) 
and the encrypted original data content CmOikbl 5 
and the encrypted edit tool Cpekbl are distributed 
to the first user U1. 

The first user label Lu1 is referred, and then, 
utilizing condition of the original data content MOi 
and the edit tool Pe are recorded at the data man- 10 
agement center and are utilized for charging of a 
fee. 

(3) When the encrypted original data content 
CmOikbl and the encrypted edit tool Cpekbl are is 
distributed, the first user U1 decrypts the distributed 
encrypted original data content CmOikbl and the 
encrypted edit tool Cpekbl using private-key Kv1 of 
the first user U1 : 

MOi = D (CmOikbl , Kv1) so 

Pe = D (Cpekbl, Kv1). 
Using the decrypted edit tool Pe, the decrypted 
original data content MOi is edited, and a first edited 
data content M1i (i = 1 , 2, 3 ) is obtained. 

25 

(4) Obtaining the first edited data content M1i, the 
first user U1 encrypts a first scenario S1i, which is 
the editing process data for the first edited data 
content M1i, using public-key Kbc of the data man- 
agement center: 30 

Cslikbc - E(Sli. Kbc) 
and presents the encrypted first scenario Cslikbc 
together with the first user label Lu1 to the data 
management center, so that secondary copyright of 
the user U1 is registered. 35 

(5) When the encrypted first scenario Cslikbc is 
presented, the data management center decrypts 
the encrypted first scenario Cslikbc using private- 
key Kvc of the data management center: *o 

S1i = D (Cslikbc, Kvc), 
prepares a first edit label Le1 based on the pre- 
sented user label of the first user U1 and the 
decrypted first scenario S1i, stores it in the data 
management center, encrypts the first edit label <t 
Le1 using public-key Kb1 of the first user U1 : 

Clelkb! = E(Le1,Kb1), 
and transfers the encrypted first edit label Cle1kb1 
to the first user U1. 

Si 

(6) When the encrypted first edit label Cle1kb1 is 
transferred, the first user U1 decrypts the encrypted 
first edit label Clelkbl using private-key Kv1 of the 
first user U1: 

Lei = D (Clelkbl. Kv1). Si 
encrypts the decrypted first edit label Le1 using 
public-key Kb2 of the second user U2: 

Cle1kb2 = E(Le1.Kb2) 



and transfers the encrypted first edit label Clei kb2 
to the second user U2. but the first edited data con- 
tent Ml t or the encrypted first edited data content is 
not transferred to the second user U2. 

When the computer of the first user U1 is pro- 
vided with a data content storage unit, there is pos- 
sibility that the collected original data content or the 
edited data content may be stored in the storage 
unit, however, storage inhibition as described above 
is carried out to exclude storage, copying and trans- 
fer. 

In this case, it is possible, instead of the 
encrypted first edit label Cle1kb2 t to use electronic 
fingerprint Fe1 , which is obtained by turning the first 
edit label to one-way hash value. In so doing, it is 
possible to perform simplified transfer of the edit 
label by telephone voice. 

(7) When the encrypted first edit label Cle1kb2 is 
transferred, the second user U2 decrypts the trans- 
ferred encrypted first edit label Cle1kb2 using pri- 
vate-key Kv2 of the second user U2: 

Le1 =D(Cle1kb2, Kv2), 
encrypts the first edit label Le1 using the private- 
Key Kv2 of the second user U2: 

Cle1kv2 = E (Le1, Kv2) 
and presents the encrypted first edit label Cle1kv2 
together with the second user label Lu2 to the data 
management center. 

(8) When the encrypted first edit label Cle1kv2 and 
the second user label Lu2 are presented, the data 
management center decrypts the presented 
encrypted first edit label Cle1kv2 using public-key 
Kb2 of the second user U2: 

Le1 = D (Cle1kv2, Kb2), 
collects the original data content MOi shown on the 
decrypted first edit label Le1 . edits the original data 
content MOi using the edit tool Pe based on the first 
scenario S1I described on the first edit label Lei, 
and reproduces the first edited data content M1i. 

When the first edited data content M1 i is repro- 
duced, the data management center encrypts the 
first edited data content M1i and the edit tool Pe 
using the public-key Kb2 of the second user U2: 

Cm1ikb2 ■ E (M1i, Kb2) 

Cpekb2 = E (Pe, Kb2) 
and transfers the encrypted first edited data content 
Cm1ikb2 and the encrypted edit tool Cpekb2 to the 
second user U2. 

(9) When the encrypted first edited data content 
Cm1ikb2 and the encrypted edit tod Cpekb2 are 
distributed, the second user U2 decrypts the distrib- 
uted encrypted first edited data content Cm1ikb2 
and the encrypted edit tool Cpekb2 using the pri- 
vate-key Kv2 of the second user U2: 

M1i = D(Cm1ikb2, Kv2) 
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Pe = D (Cpekb2, Kv2) 
and edits the decrypted first edited data content 
M1i using the decrypted edit tool Pe, and the sec- 
ond edited data content M2i (i = 1, 2, 3 ) 

is obtained. 

(10) When the second edited data content M2i is 
obtained, the second user U2 encrypts the second 
scenario S2i, which is editing process data of the 
second edited data content M2i, using the public- 
key Kbc of the data management center: 

Cs2ikbc = E (S2i, Kbc) 
and presents the encrypted second scenario 
Cs2ikbc together with the second user label Lu2 to 
the data management center. 

(11) When the encrypted second scenario Cs2ikbc 
is presented, the data management center 
decrypts the encrypted second scenario Cs2ikbc 
using the private-key Kvc of the data management 
center: 

S2i = D (Cs2ikbc, Kvc), 
prepares a second edit label Le2 based on the pre- 
sented user label of the second user U2 and the 
decrypted second scenario S2i, stores it in the data 
management center, encrypts the second edit label 
Le2 using public-key Kb2 of the second user U2: 

Cle2kb2 = E (Le2, Kb2) 
and transfers the encrypted second edit label 
Cle2kb2 to the second user U2. 

(12) When the encrypted second edit label Cle2kb2 
is transferred, the second user U2 decrypts the 
encrypted second edit label Cle2kb2 using private- 
key Kv2 of the second user U2: 

Le2 = D (Cle2kb2, Kv2), 
encrypts the decrypted second edit label Le2 using 
public-key Kb3 of the third user U3: 

Cie2kb3 = E (Le2, Kb3) 
and transfers the encrypted second edit label 
Cle2kb3 to the third user U3. 

Then, the same operation is repeated. 

In the Embodiment 4 using this distributed object 
system, the data content is not stored by the user, but it 
is stored only in the database. On the other hand, the 
user controls and stores only the information' relating to 
user and editing, i.e., the edit label having information of 
the utilized original data content and the used edit tool, 
the editing scenario and the information of the u6er who 
has edited. Only this edit label is encrypted and trans- 
ferred between the users. Therefore, the data content is 
not stored, copied or transferred. 

It is al60 possible to simultaneously provide two 
systems so that the two systems can be adequately 
selected and utilized, i.e., a system where the key for re- 
encryption is distributed at the same time as the key for 
decryption; and a system where the key for re-encryp- 



tion is separately distributed from the key for decryption. 
[Embodiment 5] 

s Description will be given on an embodiment of a 
data content dealing system for dealing in an original 
data content and an edited data content, referring to 
Figure 6. 

The original data content handled in this system is 

to an object, and the edited data content is expressed as 
the original data content object linked by an editing sce- 
nario. Therefore, only the editing scenario is dealt in. 
Upon receipt of the editing scenario, the user collects 
and links the original data content used according to the 

is editing scenario and reproduces the edited data con- 
tent In this case, the original data content may be col- 
lected or linked by the user himself, but the burden on 
the user may be reduced if it is performed in the system 
side or by using an agent program. 

20 A data content dealing center, which serves as a 
core of the system, comprises a data content database, 
an editing scenario database, a key management 
center, and a data content dealing management center 
present on a network. 

25 The data content database stores the original data 
content provided by an information provider (IP) and 
supplies it in response to the request of the user. 

The editing scenario database stores the editing 
scenario when the user obtained the edited data con- 

30 tent by utilizing the original data content or user's data 
content created by the user and supplies it in response 
to the request of the user. 

The key management center stores a secret key for 
encryption/decryption for the original data content, the 

35 user data content and the editing scenario and supplies 
it in response to the request of the user. 

The data content dealing management center pre- 
pares a catalog and advertizes for the original data con- 
tent or the edited data content and performs sales 

40 management and collecting a fee to the user, and also 
manages a copyright label of the data content to be 
stored in the data content database. 

An editing scenario dealing management center 
prepares a catalog and advertizes for the edited data 

45 content and performs sales management and collecting 
a fee to the user, and further, when necessary, collects 
and links the original data content according to the edit- 
ing scenario and manages a label for the editing sce- 
nario to be stored in the editing scenario database. 

go For the detailed operation of each component, 
which comprises the data content dealing center, 
description is not given here because it is the same as 
already explained. 

55 (1) The information provider IPi (i = 1, 2, 3 : the 

same applies hereinafter) encrypts the original data 
content MOi using an original secret-key KsOi: 
CmOiksOi = E (MOi, KsOi), 
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encrypts the corresponding original secret-key KsOi 
using a public-key Kbc of the data content dealing 
center: 

CksOikbc = E (KsOi, Kbc) 
and supplies the encrypted original data content 5 
CmOiksOi (shown as "mOi" in the figure) and the 
encrypted original secret-key CksOikbc (shown as 
"ksOi" in the figure) to the data content dealing 
center. 

The original secret-key KsOi may be prepared 10 
by the information provider I Pi, or the information 
provider IPi may ask the key management center to 
generate it. In case the key management center 
generates the original secret-key KsOi. the gener- 
ated original secret-key KsOi is encrypted using a 15 
public-key KbOi of the information provider IPi: 

CksOikbOi = E (KsOi, KbOi). 
The encrypted original secret-key CksOikbOi is dis- 
tributed to the information provider IPi, who 
decrypts it using a private-key KvOi: 20 

KsOi = D (CksOikbOi, KvOi). 
and the decrypted original secret-key KsOi is used 
for encryption of the original data content MOi. 

The data content dealing center decrypts the 
supplied encrypted original secret-key CksOikbc 25 
using a private-key Kvc of the data content dealing 
center: 

KsOi = D (CksOikbc, Kvc), 
decrypts the encrypted original data content 
CmOiksOi using the decrypted original secret-key 30 
KsOi: 

MOi = D (CmOiksOi, KsOi) 
and stores the decrypted original data content MOi 
and the corresponding original secret-key KsOi in 
the data content database. 35 

The information provider or the data content 
dealing center may add watermark to the original 
data content MOi to check illegitimate use and may 
store it. 

To promote utilization of the original data con- 40 
tent, the data content dealing management center 
prepares a catalog by means to compress or to 
divide into parts so that the original data content 
cannot be utilized as it is and posts it in the data 
content dealing center. 45 

(2) After reviewing the original data content pre- 
pared in catalog, a first user U1i presents a first 
user label Lu1i and a public-key Kb1i of the first 
user U1i, and by specifying the original data content so 
to be utilized, requests for use to the data content 
dealing center. 

(3) Upon receipt of the request for use of the origi- 
nal data content MOi, the data content dealing ss 
center confirms the user label Lu1i to check for fee 
charging and identification, and then, encrypts the 
original data content MOi using the corresponding 



original secret-key KsOi: 

CmOiksOi = E (MOi, KsOi). 
encrypts the original secret-key KsOi using the pub- 
lic-key Kb1i of the first user U1i: 

Cks0ikb1i = E(KsOi t Kb1i) 
and distributes the encrypted original data content 
CmOiksOi and the encrypted original secret-key 
CksOikbli (shown as "KsOi" in the figure) to the first 
user U1 i, and also charges for the original data con- 
tent utilization to the first user U1i. 

(4) When the encrypted original data content 
CmOiksOi and the encrypted original secret-key 
CksOikbli have been distributed, the first user Uli 
decrypts the encrypted original secret-key 
CksOikbli using a private-key Kv1i of the first user 
U1i: 

KsOi = D (CksOikbli, Kv1i), 
decrypts the encrypted original data content 
CmOiksOi using the decrypted original secret-key 
KsOi: 

MOi = D (CmOiksOi, KsOi) 
and creates a new first edited data content Mli 
using the decrypted original data content MOi. 

As described above, there are two cases to edit 
the data content: the case where a single original 
data content is used and the case where a plurality 
of original data contents are used. In these cases, 
the user's data content may be added. Therefore, 
as the data content to be used for edit in this 
embodiment, there are, in addition to a single data 
content, a plurality of original data contents, and 
user's data content. The edited data content com- 
prises these data content and the editing scenario, 
i.e. the details of editing. By obtaining these, it is 
possible to reproduce the edited data content 

Incidentally, the original data content is origi- 
nally stored in the data content database of the data 
content dealing center. Accordingly, data which is 
not yet stored in the data content dealing center 
when newly generated by editing of the data con- 
tent, is the user's data content and the editing sce- 
nario. 

Therefore, by storing these in the data content 
dealing center, it is possible to handle the first 
user's data content of the user who edited the data 
content, in the same manner as the original data 
content, and the user can be also an information 
provider. 

(5) The first edited data content M ti comprises the 
original data content MOi and a first editing scenario 
Sli. Further, in some cases, the first user's data 
content Muti is added as a comprising element. 

Among these elements, the original data con- 
tent MOi is stored in the data content database of 
the data content dealing center. Accordingly, what 
is to be stored newly in the data content dealing 
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center includes the first editing scenario Sli and the 
first user's data content Mu1i. 

For this purpose, the first user Uti prepares a 
first secret-key Ks1i, encrypts the first editing sce- 
nario Sli and the first user's data content Mu1i 5 
using the first secret-key Ksl i: 

Cs1iks1i = W(Sti,Ks1i) 

Cmuliksli = E (Mu1i, Ksli), 
encrypts the first secret-key Ksli using the public- 
key Kbc of the data content dealing center: io 

Cks1ikbc = E(Ks1i, Kbc) 
and transfers the encrypted first editing scenario 
Cs1iks1i (shown as M s1i" in the figure), the 
encrypted first user's data content Cmuliksli 
(shown as "mir in the figure), and the encrypted is 
first secret-key Cks1 ikbc (shown as "ks1 i" in the fig- 
ure) to the data content dealing center. 

The first secret-key Ksli may be prepared by 
the first user U1i ( or the first user U1i may ask the 
key management center to generate it In case the 20 
key management center generates the first secret- 
key Ksli, the generated first secret-key Ksli is 
encrypted using the public-key Kb1i of the first user 
U1i: 

Ckslikbli = E (Ksli. Kb1i) 2s 
and the encrypted first secret- key Ckslikbli is dis- 
tributed to the first user Uli. The first user U1i 
decrypts it using the private-key Kv1i: 

Ksli -D (Ckslikbli. Kv1i) 
and the decrypted first secret-key Ksti is used to 30 
encrypt the first editing scenario Sli and the first 
user's data content Mu1 i. 

The data content dealing center decrypts the 
transferred encrypted first secret-key Ckstikbc 
using the private-key Kvc of the data content deal- 35 
ing center: 

Ks1i«D(Cks1 ikbc. Kvc) 
decrypts the encrypted first editing scenario 
Cs1 iksli and the encrypted first user'6 data content 
Cmuliksli using the decrypted first secret-key 4C 
Ksli: 

Sli« D(Cs1iks1i, Ksli) 
Mu1i = D (Cmuliksli, Ksli) 
and generates a first user data content label and a 
first editing scenario label according to a first user 45 
label, and the decrypted first secret-key Ksli. the 
first editing scenario Sli, the first user's data con- 
tent Mu1i. the first user data content label and the 
first editing scenario label are stored in the data- 
base. 50 

The first user or the data content dealing center 
may add watermark to the original data content MOi 
to check illegitimate use and may store it. 

The database where the first secret-key Ksli, 
the first editing scenario SI i and the first user's data 55 
content Mu1i are to be stored may be the data con- 
tent database where the original data content MOi is 
stored, or another editing scenario database may 



be provided to store them. 

To promote utilization of the first edited data 
content, the data content dealing management 
center prepares a catalog by means to compress or 
to divide into parts so that the first edited data con- 
tent cannot be used as it is and posts it in the data 
content dealing center. 

(6) After reviewing the original data content MOi and 
the first edited data content M1i prepared in cata- 
log, a second user U2i presents a second user label 
Lu2i and a public-key Kb2i of the second user U2i. 
By specifying the original data content MOi and/or 
the first edited data content M1i to be utilized, a 
request for use is sent to the data content dealing 
center. 

(7) Upon receipt of the request for use of the origi- 
nal data content MOi and/or the first edited data 
content M1i, the data content dealing center con- 
firms the user label Lu2i to check for fee charging 
and identification. Then, the original data content 
MOi requested for use, is encrypted using the corre- 
sponding original secret-key KsOi. The first editing 
scenario Sli and the first user's data content Mu1i 
are encrypted using the first secret-key Ksli, the 
original secret-key KsOi is encrypted using a public- 
key Kb2i, and the first secret-key Ksli is encrypted 
using the public-key Kb2i: 

CmOiksOi « E (MOi, KsOi) 

Cs1iks1i = E(S1i, Ksli) 

Cmuliksli = E (Mu1i, Ksli) 

Cks0ikb2i = E (KsOi, Kb2i) 

Cks1ikb2i = E(Ks1i, Kb2i). 
Then, the encrypted original data content CmOiksOi 
(shown as M mOi" in the figure), the encrypted first 
editing scenario Cs1 iksli (shown as "sir in the fig- 
ure), the encrypted first user's data content 
Cmuliksli (shown as "muli" in the figure), the 
encrypted original secret-key Cks0ikb2i and the 
encrypted first secret-key Cks1ikb2i are transferred 
to the second user U2i. And then, the data content 
dealing center charges for utilization of the original 
data content MOi and the first editing scenario SI i 
to the second user U2i. 

(8) When the encrypted original data content 
CmOiksOi, the encrypted first editing scenario 
Csl iksli, the encrypted first user's data content 
Cmuliksli, the encrypted original secret -key 
Cks0ikb2i and the encrypted first secret-key 
Cks1ikb2i have been transferred, the second user 
U2i decrypts the encrypted original secret-key 
Cks0ikb2i and the encrypted first secret-key 
Cks1ikb2i using a private-key Kv2i of the second 
user U2i: 

KsOi = D (Cks0ikb2i, Kv2i) 
Ksli = D (Cks1ikb2i, Kv2i). 
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Next, the encrypted original data content CmOiksOi 
is decrypted using the decrypted original 6ecret-key 
KsOi, and the encrypted first editing scenario 
Cs1 iksl i and the encrypted first user's data content 
Cmuliksli are decrypted using the decrypted first s 
secret- key Ks1i: 

MOi = D (CmOiksOi, KsOi) 

Sli = D(Cs1iks1i, Ks1i) 

Muli = D (Cmuliksli, Ks1i) 
and a new second edited data content M2i is ere- w 
ated by utilizing the decrypted original data content 
MOi, the first editing scenario S1 i and the first user's 
data content Mu1i. 

The second user U2i prepares a second secret-key is 
Ks2i and encrypts a new second editing scenario S2i 
and a second user's data content Mu2i, not stored in the 
database of the data content dealing center, using the 
second secret-key Ks2i: 

Cs2iks2i = E (S2i, Ks2i) 20 
Cmu2iks2i = E (Mu2i, Ks2i). 
Then, the second secret- key Ks2i is encrypted using 
the public-key Kbc of the data content dealing center: 

Cks2ikbc = E (Ks2i, Kbc) 
and the encrypted second editing scenario Cs2iks2i 25 
(shown as n s2i" in the figure), the encrypted second 
user's data content Cmu2iks2i (shown as "mu2i" in the 
figure), and the encrypted second secret- key Cks2ikbc 
(shown as "ks2i" in the figure) are transferred to the data 
content dealing center. 30 

Then, the same procedure is repeated. 

[Example 6] 

Description will be given on this embodiment in 35 
which a data content editor sells a utilization right of an 
editing scenario by auction in the data content market, 
referring to Figure 7. In the embodiment, the utilization 
right of an editing scenario is auctioned on the market in 
the system, and an editing scenario seller who obtains ao 
the utilization right of the editing scenario sells or lends 
the editing scenario to a user. 

The original data content handled in the present 
system is an object, and the edited data content is 
expressed as the original data content object linked by <s 
the editing scenario. Therefore, only the editing sce- 
nario is dealt in. When the editing scenario has been 
purchased or lent the user collects and links the origi- 
nal data content used in accordance with the editing 
scenario and reproduces the edited data content. In this so 
case, the original data content may be collected by the 
user himself, but the burden on the user may be 
reduced H it is performed in the system side or by using 
an agent program. 

A data content deals center, which serves as a core 55 
of the system, comprises a key management center, a 
data content database, a data content dealing manage- 
ment center, an editing scenario database, and an edit- 



ing scenario market management center present on the 
network. 

The data content database stores the original data 
content provided by an information provider (IP) and 
supplies it to a data content editor. 

The editing scenario database stores the editing 
scenario when the data content editor obtains the 
edited data content by utilizing the original data content 
or the editor's data content created by the data content 
editor, and supplies it to the editing scenario sellers, 
who participate in auction. 

The key management center stores a secret-key for 
encryption/decryption for the original data content, the 
editor's data content and the editing scenario and sup- 
plies it to the data content editor or the editing scenario 
seller. 

The data content dealing management center pre- 
pares a catalog and advertizes for the original data con- 
tent and manages sales for the data content editor. 

The editing scenario market management center 
prepares a catalog and advertizes for the edited data 
content, and manages editing scenario auction and col- 
lects a fee. Further, the editing scenario market man- 
agement center collects and links the original data 
content according to the editing scenario, when neces- 
sary, and also manages a label for the editing scenario 
which is to be stored in the editing scenario database. 

For the detailed operation of each component, 
which comprises the data content dealing center, 
description is not given here because it is the same as 
already explained. 

(1) The information provider IPi (i = 1, 2, 3 ; the 

same applies hereinafter) encrypts the original data 
content MOi using an original secret-key KsOi: 

CmOiksOi ~ E (MOi, KsOi), 
encrypts the corresponding original secret-key KsOi 
using a public-key Kbc of the data content dealing 
center: 

CksOikbc = E(KsOi, Kbc) 
and supplies the encrypted original data content 
CmOiksOi (shown as *mOi" in the figure) and the 
encrypted original secret-key CksOikbc (shown as 
"ksOi" in the figure) to the data content dealing 
center. 

The original secret-key KsOi may be prepared 
by the information provider IPi, or the information 
provider IPi may ask the key management center to 
generate it In case the key management center 
generates the original secret-key KsOi, the gener- 
ated original secret- key KsOi is encrypted using a 
public-key KbOi of the information provider IPi: 

CksOikbOi = E (KsOi, KbOi). 
The encrypted original secret-key CksOikbOi is dis- 
tributed to the information provider IPi, and is 
decrypted using a private-key KvOi of the IPi: 

KsOi « D (CksOikbOi, KvOi) 
and the decrypted original secret-key KsOi is used 
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lor encryption of the original data content MOi. 

The data content dealing center decrypts the 
supplied encrypted original secret-key CksOikbc 
using a private- key Kvc of the data content dealing 
center: $ 

KsOi s D (CksOikbc, Kvc), 
decrypts the encrypted original data content 
CmOiksOi using the decrypted original secret-key 
KsOi: 

MOi = D (CmOiksOi, KsOi) io 
and stores the decrypted original data content MOi 
and the corresponding original secret- key KsOi to 
the data content database. 

The information provider or the data content 
dealing center may add watermark to the original is 
data content MOi to check illegitimate use and may 
store it. 

To promote utilization for editing of the original 
data content, the data content dealing management 
center prepares a catalog by means to compress or 20 
to divide into parts so that the original data content 
cannot be utilized as it is and posts it in the data 
content dealing center. 

(2) After reviewing the original data content pre- 25 
pared in catalog, the data content editor Ei presents 

a data content editor label Lei and a public-key Kb1i 
of the data content editor Ei, and requests for utili- 
zation by specifying the original data content to be 
utilized, to the data content dealing center. 30 

(3) Upon receipt of the rquest for utilization of the 
original data content MOi. the data content dealing 
center confirms the user label Lei to check for fee 
charging and identification. Then, the original data 35 
content MOi is encrypted using the corresponding 
original secret-key KsOi: 

CmOiksOi = E (MOi. KsOi). 
encrypts the original secret -key KsOi using a public- 
key Kbei of the data content editor Ei: 40 

CksOikbei = E (KsOi, Kbei) 
and distributes the encrypted original data content 
CmOiksOi and the encrypted original secret-key 
CksOikbei (shown as "ksOi n in the figure9 to the data 
content editor Ei, and further, charges a fee for the 45 
original data content utilization to the data content 
editor Ei and an end user. 

(4) When the encrypted original data content 
CmOiksOi and the encrypted original secret-key so 
CksOikbei have been distributed, the data content 
editor Ei decrypts the encrypted original secret-key 
CksOikbei using a private-key Kvei of the data con- 
tent editor Ei: 

KsOi = E (CksOikbei, Kvei), ,55 
decrypts the encrypted original data content 
CmOiksOi using the decrypted original secret-key 
KsOi: 
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MOi s D (CmOiksOi, KsOi) 
and creates an edited data content Mei utilizing the 
decrypted original data content MOi. 

As described above, there are two cases to edit 
the data content: the case where a single original 
data content is used and the case where a plurality 
of original data contents are used. In these cases, 
the data content of the data content editor may be 
added. Therefore, as the data content to be used 
for editing in this embodiment, there are, in addition 
to a single data content, a plurality of original data 
contents and the data content of the data content 
editor. The edited data content comprises these 
data contents and the editing scenario, i.e. the 
detail of editing. By obtaining these, it is possible to 
reproduce the edited data content. 

incidentally, the original data content is origi- 
nally stored in the data content database of the data 
content dealing center. Accordingly, data which is 
not yet stored in the data content dealing center is, 
when newly generated by editing the data content, 
is the editor's data content of the data content editor 
and the editing scenario. 

Therefore, by storing these in the data content 
dealing center, it is possible to handle the editor's 
data content of the data content editor who has 
edited the data content in the same manner as the 
original data content, and the data content editor 
can be an information provider. Further, it is also 
possible to sell utilization right of the editing sce- 
nario and/or the editor's data content by auction in 
the market. In this case, the utilization right of the 
editing scenario and the editor's data content may 
be plural for a single edited data content 

(5) The edited data content Mei comprises the orig- 
inal data content MOi and the editing scenario Sei. 
Further, in some cases, the editor's data content 
Medi is added as a comprising element 

Among these elements, the original data con- 
tent MOi is stored in the data content database of 
the data content dealing center. Accordingly, what 
is to be stored newly in the data content dealing 
center is the editing scenario Sei and the editor's 
data content Medi. 

To sell the utilization right of the editing sce- 
nario Sei and the editor's data content Medi, the 
data content editor Ei prepares a secret-key Ksei. 
encrypts the editing scenario Sei and the editor's 
data content Medi using the secret-key Ksei: 

Cseiksei = E (Sei. Ksei) 

Cmediksei « E (Medi. K6ei) 
and encrypts the secret-key Ksei using the public- 
key Kbc of the data content dealing center: 

Ckseikbc = E (Ksei, Kbc). 
Then, the encrypted editing scenario Cseiksei 
(shown as "sei - in the.figure), the encrypted editor's 
data content Cmediksei (shown as "medi" in the fig- 
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ure), and the encrypted secret-key Ckseikbc 
(shown as "ksei" in the figure) are transferred to the 
data content dealing center. 

The secret-key Ksei may be prepared by the 
data content editor Ei, or the data content editor Ei s 
may ask the key management center to generate it. 
In case the key management center generates the 
secret-key Ksei, the generated secret-key Ksei is 
encrypted using the public-key Kbei of the data 
content editor Ei: io 

Ckseikbei = E (Ksei, Kbei) 
and the encrypted secret-key Ckseikbei is distrib- 
uted to the data content editor Ei. The data content 
editor Ei decrypts it using own private-key Kvei; 

Ksei = D (Ckseikbei, Kvei) is 
and the decrypted secret-key Ksei is used to 
encrypt the editing scenario Sei and the editor's 
data content Medi. 

The data content dealing center decrypts the 
transferred encrypted secret-key Ckseikbc using 20 
the private-key Kvc of the data content dealing 
center: 

Ksei = D (Ckseikbc, Kvc). 
Then, the encrypted editing scenario Cseiksei and 
the encrypted editor's data content Cmediksei are 25 
decrypted using the decrypted secret-key Ksei: 
Sei = D (Cseiksei, Ksei) 
Medi = D (Cmediksei, Ksei). 
Then, a copyright label based on the data content 
editor label Lei is added to each of the decrypted 30 
secret-key Ksei, the editing scenario Sei and the 
editor's data content Medi, and these are stored in 
the database. 

The data content editor or the data content 
dealing center may add watermark to the editing 35 
scenario Sei and the editor's data content Medi to 
check illegitimate use and may store them. 

The database where the secret-key Ksei, the 
editing scenario Sei and the editor's data content 
Medi are to be stored may be the data content data- 40 
base where the original data content MOi is 6tored, 
or another scenario database may be provided to 
store them. 

For auction of the editing scenario and the edi- 
tor's data content, the editing scenario market man- 4S 
agement center in the data content dealing center 
prepares a catalog by means to compress or to 
divide into parts so that the edited data content can- 
not be utilized as it is and posts it shown the 
number of the selling utilization rights, in the editing so 
scenario market management center to announce 
the auction. 

(6) After reviewing the edited data content Mei pre- 
pared in catalog, each of a plurality of editing see- ss 
nario sellers Di presents an editing scenario seller 
label Ldi and a public-key Kbdi of the editing sce- 
nario seller Di and requests to purchase the editing 
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scenario Sei and the editor's data content Medi to 
the editing scenario market management center. 

(7) Upon receipt of the request to purchase the edit- 
ing scenario Sei and the editor's data content Medi, 
the editing scenario market management center 
confirms the editing scenario seller label Ldi to 
check for fee charging and identification, performs 
the auction on the network, and sells the utilization 
right of the editing scenario Sei and the editor's 
data content Medi to a plurality of editing scenario 
sellers Di. 

As described above, the utilization right of the 
editing scenario and the editor's data content may 
be plural for a single edited data content. 

The editing scenario seller Di, to whom it has 
been decided to sell, encrypts the secret-key Ksdi 
of the editing scenario seller Di using the public-key 
Kbc of the data content dealing center: 

Cksdikbc = E (Ksdi, Kbc) 
and transfers the encrypted secret- key Cksdikbc 
(shown as "ksdi" in the figure) to the editing sce- 
nario market management center. 

(8) The editing scenario market management 
center decrypts the presented encrypted secret- 
key Cksdikbc using the private-key Kvc of the data 
content dealing center: 

Ksdi « D (Cksdikbc. Kvc) 
encrypts the editing scenario Sei and the editor's 
data content Medi using the decrypted secret-key 
Ksdi of the editing scenario seller Di: 

Cseiksdi - E (Sei. Ksdi) 

Cmediksdi = E (Medi, Ksdi) 
and sends the encrypted editing scenario Cseiksdi 
and encrypted editor's data content Cmediksdi to 
the editing scenario seller Di. 

Also, the content of the copyright label is changed 
from the one based on the data content editor label Lei 
to the one based on the editing scenario seller label Ldi. 
As a result, the secret-key Ksei of the data content edi- 
tor cannot be used any more, and the secret-key Ksdi of 
the editing scenario seller can be used substantially. In 
this case, instead of changing the content of the copy- 
right label, it may be newly added based on the editing 
scenario seller label Ldi. 

The editing scenario seller who purchases the 
encrypted editing scenario Cseiksdi executes thereafter 
the utilization right of the purchased editing scenario. 
The original data content can also be sold by auction in 
the same manner as the editing scenario. However, it is 
preferable to avoid to sell to a specific seller because 
there may be a plurality of users utilizing the original 
data content. 

Then, the same procedure may be repeated if nec- 
essary. 

In the data content dealing system described in 
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each embodiment of the present application, in case 
that for a user device, a network computer without a 
storing unit such as a hard disk drive is used, the illegit- 
imate use, i.e., using without pay or leakage of the data 
content hardly occurs. However, in case that lor a user 
device, a general computer having a storing unit such 
as a hard disk drive is used, there is a possibility of 
problems such like these illegitimate use. 

In cope with such problems, adopting a copyright 
management program and re- encryption of the data 
content is effective as the present inventor has pro- 
posed in the U.S. Patent Application Serial 
No.08/41 6,037 (EP 677949A2), and if adopting an 
arrangement referred to as a realtime OS or an embe- 
ded system which allows the copyright management 
program performing re-encryption to precede other 
application programs, the illegitimate use problems can 
be effectively avoided. 

Claims 



Data content dealing system in which an original 
data content and an edited data content into which 
a first user has edited said original data content are 
sold in a network to a second user, comprising : 25 

a data content dealing center with: 



a key management center generating, 
storing and transferring a secret-key; 
a data content dealing management center 
advertizing and selling said data content 
stored in a database; and 
an editing scenario dealing management 
center advertizing and selling an editing 
scenario, and 



35 



a database, comprising: 

the original data content as a data object; 40 
and 

the edited data content comprising: 

said data object and 45 

an editing scenario of editing details of 
said data object; 

wherein said lirst user creates the edited data con* so 
tent using said original data content and encrypts 
an editing scenario of said edited data content by a 
secret-key which is to be deposited in said data- 
base and deposits said 6ecret-key in 6atd key man- 
agement center; said encrypted editing scenario 55 
and said secret- key are transferred to the second 
user; and said second user decrypts said 
encrypted editing scenario by said secret-key and 



re-constitutes said edited data content according to 
said decrypted editing scenario. 

2. Data content dealing system according to claim 1, 
wherein said original data content is transferred to 
the second user together with said encrypted edit- 
ing scenario and said secret-key. 

3. Data content dealing system, in which a utilization 
right of an editing scenario on an edited data con- 
tent into which a data content editor has edited an 
original data content comprising a data object is 
auctioned in a network for an editing scenario 
seller, wherein said edited data content comprises 
said data object and the editing scenario describing 
the editing details thereof, comprising: 

a data content dealing center comprising: 

a key management center for generation, 
storage and transfer of said secret-key; 

a data content dealing management center 
to advertise and sell said data content 
stored in a database and to transfer; 

an editing scenario market management 
center to advertize and auction said editing 
scenario (for said editing scenario seller) 
and to change the secret-key for said edit- 
ing scenario from the data content editor's 
secret-key into the scenario seller's secret- 
key; and 

a database comprising: 

an original data content comprising a data 
object; and 

an edited data content with said data 
object and the editing scenario describing 
editing details of said object; 

wherein by said data content editor: said editing 
data content is produced using said original data 
content; the editing scenario of said edited data 
content is encrypted by one of his secret-keys and 
deposited in said database and said secret-key is 
deposited in said key management center 

4. Data content dealing system according to claim 1 or 
claim 3. wherein said database comprises a data 
content database storing a data content and an 
editing scenario database storing editing scenarios. 

5. Process for dealing with data contents selling origi- 
nal data and an edited data content in which a first 
user has edited said original data content in a net- 



18 



35 EP 0 878 753 A2 36 

work to a second user, comprising • a data content dealing center comprising: 



providing: 

a data content dealing center comprising: 

5 

a key management center, generating 
storing and transferring of a secret-key; 

a data content dealing management center 
for advertising and selling said data con- 10 
tent ; and 

an editing scenario dealing management 
center for advertising and selling of an edit- 
ing scenario; and 15 

a database comprising: 

the original data content as data object; 

and 

1 the edited data content comprising said so 

data object and an editing scenario of editing 
details of said data object; 

creating an edited data content using said orig- 
inal data content stored in said database, ss 

encrypting an editing scenario of said edited 
data content by a secret-key which is to be 
deposited in said database 

30 

depositing said secret-key in said key manage- 
ment center by said first user; 

transferring said encrypted editing scenario 
and said secret-key to the second user who 35 
wishes to use said edited data content; and 

decrypting said encrypted editing scenario by 
said secret-key and re-constitution of said 
edited data content according to said <o 
) decrypted editing scenario by said second 

user. 

6. Process according to claim 5, further comprising: 

45 

transferring said original data content to a sec- 
ond user together with said encrypted editing 
scenario and said 6ecret-key. 

7. Process for dealing data contents, in which a utili- so 
zation right of an editing scenario on an edited data 
content which a data content editor has edited from 

an original data content stored in a database is auc- 
tioned in a network for an editing scenario seller, 
comprising: 55 

providing a data content dealing system com- 
prising: 



a key management center for genera- 
tion, storage and transfer of a secret- 
key; 

a data content dealing management 
center to advertize and sell said data 
content stored in said database; 
an editing scenario market manage- 
ment center to advertise and auction 
said editing scenario and to change 
the secret-key for said editing scenario 
from the data content editor's secret- 
key into the scenario seller's secret- 
key; and 

- a database comprising 

the original data content as a data 
object; and 

said edited data content with said data 
object and the editing scenario 
describing editing details of said data 
object; 

producing the edited data content by using said 
original data content stored in said database, 

encrypting the editing scenario of said edited 
data content by his secret- key, depositing the 
encrypted editing scenario in said database 
and depositing said secret-key in said key man- 
agement center by said data content editor 

auctioning and transferring of his secret-key for 
said editing scenario to said key management 
center for said editing scenario seller wishing to 
sell said utilization right of said editing scenario 
by an editing scenario market management 
center; and. 

- changing the data content editor's secret-key 
into the editing scenario's sellers key by said 
editing scenario dealing management center. 

8. Process according to claim 7, further comprising : 

providing in said database: 

an editing scenario database storing an 
editing scenario and 

a data content database storing a data 
content 
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Fig. 4 
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Fig. 6 
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